While this is a few years old, it is essential to understand the statistics of data breaches in the past to better understand those of the future.
The 2016 Data Breach Investigations Report is the 9th edition of the report, which collects data breaches and information security incidents from the previous year. This year’s data is a summary of over 100,000 events, presented in the hope that readers will be able to manage their information security properly so that these attacks do not happen to them as well. This information is crucial because no security system can entirely prevent incidents (security events that affect the integrity and availability of an information asset) and breaches (incidents that result in the disclosure and exposure of data to someone who isn’t authorized to access it). With this information, you will be one step ahead of the hackers who make these attacks every day.
This year, we see cybercriminals continuing to exploit human nature as they rely on attacks such as phishing and ransomware. Phishing (when users are sent an email from a fraudulent source) is on the rise, as the percentage of users who open these emails rose from 23% to 30%. Ransomware attacks also increased, by 16% over last year. Per the report, 89% of all attacks involve espionage or financial motives. It is quite shocking that most of these attacks use known vulnerabilities that have never been patched even though patches exist. The top 10 known vulnerabilities accounted for 85% of the total number of exploits. What is even more shocking is the number of data breaches that involved stolen or weak passwords. A total of 63% of data breaches were recorded using this easily prevented method.
Also, per the report, “miscellaneous errors” are at the top of the list for security incidents. These events occur when there is improper disposal of information, incorrect configuration of IT systems, as well as lost and stolen items such as laptops. 26% of these errors came from sending information to the wrong person. What does this information say about the trend of cyber-attacks? It has less to do with the actual programs and technology and more to do with human error. The time it takes these cybercriminals to compromise or hack into systems or data is also very alarming. In 93% of the cases reported, it took these attackers less than a minute to compromise the affected systems. This should scare us all and make us want to beef up the security of our computers, systems, and applications.
What can you do to strengthen your defenses against these threats? There are several methods to boost security against attacks such as these. First, by reading this report and those like it, you can learn which attack patterns are the most common for your industry. Implementing two-factor authentication on all computers, systems, and applications is another way you can decrease the risk of a successful attack. Patches and updates are an easily forgotten way to increase your defenses as well and should always be addressed. Above all, as the report says, human error is one of the most significant areas of weakness, so proper training for your staff in various ways to protect against malicious attacks is vital.
Overall, this report was very illuminating, and I learned a lot about modern-day data breaches and security incidents. The results were pretty much what I suspected. I had already thought before reading this report that human error would be at the top of the list. Miscellaneous errors, insider and privilege-abuse, as well as physical theft and loss, are all areas in which humans make cyber-security a more significant risk. The lesson to be learned here is that no locale, organization, or industry is safe from attackers. Understanding these patterns and events can help one prioritize resources and personnel to set up a cost-effective and successful defense system against a large number of cyber-criminals in the world today. Using this information to your advantage will help prevent problems down the road and should be studied in detail and used accordingly. Thank you for your time, and I hope this report helps you like it has helped me.
“2016 Data Breach Investigations Report”. Verizon. Web. 2016. 14 March 2017. https://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf